From owner-freebsd-questions@freebsd.org Wed Dec 30 18:20:24 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7D4994CACFB for ; Wed, 30 Dec 2020 18:20:24 +0000 (UTC) (envelope-from kurt.buff@gmail.com) Received: from mail-ed1-x52d.google.com (mail-ed1-x52d.google.com [IPv6:2a00:1450:4864:20::52d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4D5fj35W0Tz4Ts3 for ; Wed, 30 Dec 2020 18:20:23 +0000 (UTC) (envelope-from kurt.buff@gmail.com) Received: by mail-ed1-x52d.google.com with SMTP id u19so16193115edx.2 for ; Wed, 30 Dec 2020 10:20:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=gGXRlvOCM3CEPpv2Yk/t/OBBpwKI6murFTBQ0cqScuo=; b=runZNaQ/PhWrYQevBf0IhfSBrD6m0dsLzbM5Mp1UDX9LdFsLtlRLgQJdG/dV6E9t0X 0h37BoeczEnl+dunzpZMM4W3TFSt8k3TVYJ0MZE2fhNvs1QGI/37t47QmkHDs+fC5WgO 0ypUlwEnScrcfdzwW4WQKQrAubmE6iCPDrZtBG++1Orxe7nAjvuuaaPl5baGcK4S81wx ejaU1OAjCuto9I3wXXUSch6OYxZ6xrdCihbz3styQgiCYCkIyR/zZWTLPIUbHTIefbqp B40aKDVJoUqmHJmKiB0mkuex0YLHT7pQLn1/58TZtBYRMFq8RZAdZo218sONHFAkaEUu At7g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=gGXRlvOCM3CEPpv2Yk/t/OBBpwKI6murFTBQ0cqScuo=; b=g/0qAhcn03qFzxycw7ltsbuKVpzbzvFTjboOTYPxnj82GNvMkTVTYrWECQVqjIc+uy ZqpWUbzc9qjTaqKsAru5HEPM8BhD2MMjkavHXzcd3CPfzEA0kRsPvlRTJhF3JTepzT+u uCGM0otiZ2oGP/p6D+UYY9Q1AYSmqh8vPAbP47mPqabMTx4aHO2xToPuKnzjhwDo39sj US80zSEFljgwJLl4vzIf8SN6fQt8CNKsmdU9TQR1vVJ30uDlEJuH/XS5BWBupr7jnjMC ZI3IsJSLCvC/42VohjYrC/SmX+jxkiZAahBGtDC/1K0mBbyRrIEQqCHg/SfOvtA4jiHB Xedw== X-Gm-Message-State: AOAM533+f1nOJXPcyn44S+zEDT9Wrx/mqxhE9Oy9VBhQrT4v2axvxcTE Yre4DpLwH6E+PsjVy1LZhmF3CQcWJpfROtFdiq4TQ4Ke91A= X-Google-Smtp-Source: ABdhPJz8kRyo1JazV7vgKehOt9ZAw9RDY/KxTnOF/67FXCsyGf/++8AMHa+OFEpP1pfM/Rk8G2N46m3nZOmJvgd/Ras= X-Received: by 2002:a05:6402:3048:: with SMTP id bu8mr51721182edb.49.1609352422365; Wed, 30 Dec 2020 10:20:22 -0800 (PST) MIME-Version: 1.0 References: <29490187.204174646.1609349437600.JavaMail.zimbra@shaw.ca> In-Reply-To: From: "Kurt Buff, GSEC/GCIH/PCIP" Date: Wed, 30 Dec 2020 11:20:08 -0700 Message-ID: Subject: Re: Project information - SMBv2+ To: freebsd-questions Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 4D5fj35W0Tz4Ts3 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=runZNaQ/; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of kurtbuff@gmail.com designates 2a00:1450:4864:20::52d as permitted sender) smtp.mailfrom=kurtbuff@gmail.com X-Spamd-Result: default: False [-2.04 / 15.00]; FREEMAIL_FROM(0.00)[gmail.com]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RBL_DBL_DONT_QUERY_IPS(0.00)[2a00:1450:4864:20::52d:from]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; TAGGED_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; SPAMHAUS_ZRD(0.00)[2a00:1450:4864:20::52d:from:127.0.2.255]; NEURAL_SPAM_SHORT(0.96)[0.957]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::52d:from]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Dec 2020 18:20:24 -0000 On Wed, Dec 30, 2020 at 10:54 AM CerebrosuS wrote: > > Am 30.12.20 um 18:30 schrieb Dale Scott: > > ----- Original Message ----- > >> From: "Kevin P. Neal" > >> To: "CerebrosuS" > >> Cc: "freebsd-questions" > >> Sent: Tuesday, December 29, 2020 7:35:51 PM > >> Subject: Re: Project information - SMBv2+ > > > >> On Mon, Dec 28, 2020 at 10:13:07PM +0100, CerebrosuS wrote: > >>> Hello at all, > >>> > >>> the community and developer at FreeBSD seem to know, that SMBv1 for > >>> clients is nearly over and that the included mount_smbfs doesn't support > >>> newer versions. So good, so far... > >>> > >>> So I can find multiple information about the situation, but no clear > >>> path on how FreeBSD community and developer will go on to solve this > >>> missing function. (Just got the information on: > >>> https://wiki.freebsd.org/MateuszPiotrowski/AccessingSmbSharesWithSambaClient) > > > > Can someone give a quick big picture? What would this mean for someone e.g. > > wanting to build an enterprise file server? Can FreeBSD currently serve (I see > > latest samba413 is in ports), but not connect as client to other (newer) servers? > > > > Thanks > > The problem is using FreeBSD as an SMB client. SMBv1 is possible through > mount_smbfs. SMBv2+ is possible with gvfs and smbnetfs from fuse. SMBv1 > has some bad security issues (thats' why everyone is switching to > SMBv2+) and MS Windows 10 switched to SMBv2+ meaning, SMBv1 is not > supported by default. > > The fuse module is known be slow and unstable. I read the "unstable" and > "slow" argument for gvfs too, but have only tested the fuse module. > Third party packages are also problematic when using with /etc/fstab > (there seem to be some workarounds with extension scripts). > > So to use freebsd as an SMB client would need to extend the mount_smbfs > module or invest time to speed up smbnetfs/gvfs to make it usable. > > For an enterprise file server serving samba is no problem as far as I > know and as long as you don't need to mount SMB sources to serve the data. > > Anyone might want to correct me, if my collected information are wrong. :-) Not wrong, but using SMBv1 to serve files to machines which don't like that version of SMB will be an exercise in frustration. Kurt